DSCI Airtel re-define conflict of interest

At their flagship annual event Data Security Council of India (DSCI) have been giving awards for excellence to Indian individuals, companies etc for digital / cyber / information security – which is great and everyone wants an award to keep on desk and announce their arrival to the world. Especially a DSCI award which is attended by the who’s who of government, industry and the cyber security movers and shakers. DSCI has been doing great work over the years and leads Data Security for the nation, so every move they make has to be good in all respects, and must keep national respectability and the flag flying high, as there is no room for mistakes at the top.

Reason is very simple – DSCIISthe national voice of digital / information / data / cyber security for India and “sort of” represents the national / government voice. It is the offspring of NAAS-KAUM having been setup to be the (of course) Data Security voice of India.

And today DSCI is howling because I saw a “tinka” in the “daari” (this is a Hindi saying, and sort of translates to “hey your fly is open”)All that I pointed out was that they had this Jury for the awards and it has 5 members – 2 are closely connected to the company which got three awards, the companies of 2 others are also award winners and the 5th Jury member may have lost his way and reached where he reached.

I expect some more outage and heartburn once through with this blog…. but this is not personal with anyone It is about DSCI and NAAS KAUM (some day I shall share what is NAAS KAUM)

So the first “tinka” in the DSCI “daari” is right here – these guys happily allow atainted company to stand up for being voted (really!) and make them India’s BEST SECURITY PRACTICESandBEST PRIVACY PRACTICESand (OMG this is too much)BEST PAYMENTS BANK.

Frankly – I want to ROTFL and DLMFAO(die laughing my effing ass off)

DLMFAO

I don’t know whether anyone at DSCI reads the news or not – the UIDAI chief makes a pubic statement that these award winners did not have high standards but they OBVIOUSLY had standards which match DSCI’s values! DLMFAO

The Phunny Airtel Awards

I saw the Airtel suspension and then a mailer from DSCI tomtommig the award for Airtel. That’s when I made the observation on a few WhatsApp groups, on Facebook, Twitter and Linked In. Of course, there were many out there who put up their comments on theobviousness of the bias (or should I say possible nepotism). I mean doesn’t this look funny, and if someone tries to say this is above board, I will ask – they are human beings, aren’t they! So, am I and so are the many people who have laughed at the shamelessness of it all.

I posted on these images and message on December 22, 2017, then my friend Naavi supplemented it with his blog that hit the message hard (Naavi’s Airtel Blog)

He followed this up with another blog talking about awards and I must say he has got a number of facts (seemingly) wrong and I disagree with him. For example he alluded to the relationship of DSCI with MeiTY and that the awards were possibly to soften UIDAI in their action against Airtel – I don’t agree with both theories and believe he is wrong.

The Phunny part is that the Airtel folks did not consider it appropriate to withdraw their candidature and went along saying all is well .. INSPITE of the fact that they must have been responding to the charges from UIDAI much earlier. And they concealed this fact.However.. was DSCI blind to the fact when this Airtel tamasha was already in public domain much before the award day! So why did you not remove them from the nomination list – India hai, sab chalta hai. Hah ! Sab andhey nahi hai, na hi sab gungey,

DSCI do you really care about national honor

Frankly I did not want to write this piece but then I saw thespeed of the reaction by DSCI and all their men within 48 hours and this really got me ANGRY.

so now I am going to digress to express my outrage at their behavior and just try to correct me!

DSCI CEO and everyone can stand up immediately to defend acts which “look” like clear violation of the principles of “conflict of interest” etc, but WHERE WAS THIS SPEED OF DISPLAY OF OUTRAGE WHEN SANS HAD INSULTED THE NATION!

Fifteen days this foreign company had cocked a snook at the nation by not acknowledging or apologizing for shamelessly and illegally splaying a map of India in a security conference.

Fifteen days hundreds of members of the Indian security community trolled and blasted SANS EVERY DAY.

And there was NOT a single word from DSCI – no outrage sir ? madam ? NOT A SINGLE DSCI OR NASS-KAUM PERSON SAID ANYTHING OR ACKNOWLEDGED THE COMMUNITY FIGHT AGAINST SANS!

National honor / prestige did not ring this same bell of outrage in your office while the country was fighting the battle with the powerful and rich MNC – and we all know why. Money makes the world go round but at one time one has to draw lines! All that DSCI needed to do was make one crappy re-tweet or say one word or make one phone call and the SANS guy would have been sh***** in his pants saying sorry.

But the one word that seems to govern every one of your actions is “sponsorship”

And now – while you are trying to explain the principles of conflict of interest to these same people who are professionals in governance, risk, compliance, security.

All I can say is one word “pathetic”.

Come on. You know this is a blunder and have guts to admit it and make some amends. You guys have done a lot of good work for the country and such cheap coverups do no good. I have interacted with DSCi for many years and have a lot to say – both good and bad but this is not the time and place.

This blog is about the “tinka” which is outraging DSCI.

Now to come to the “explanation” put out by DSCI as to how there is nothing wrong in having a jury from the same companies which are being given awards or which are under investigation for some serious sh**.

Indirectly, I was “told” that I should have sought a clarification from DSCI – Why! Why didn’t all the king’s men reach out and comment on the whatsapp or social media groups where they are as much members as I am, Why should I reach out to ask if I can express my opinion.

About the “Clarification”

There is a lot to say about the Practice / Clarification document which was put out to explain the holy process of award selection you can read this document and nod your head in wonderment.

To quote a reaction on a closed group – Their excuses are stupider than the awards.

Clarification_on_Process_and_Jury_EvaluationThe so called clarification of process PDF was made on 23rd December at 3.30 after I posted the observation on the WhatsApp group. And it has been conveniently added to the AISS webpage on the DSCI website. Which means that no process was published PRIOR to the event and this process document has been created AFTERWARDS. If Ms Mehta did not participate why did Mr Pramod also recuse himself.

Not that it makes a difference but it just raises the thought about the holy process.

Endnote

I don’t have time now to talk in more detail about this “clarification” but will happy to shred the PDF line by line sometime in the near future. The one reaction quoted above says it all…and the words are not mine.

Entities, organizations are so full of themselves, their success and the power from it, that they forget that the common man also has 1300 gms of grey matter called brains. And that it is capable of thinking, as Mr RK Laxman has demonstrated to the country over the years – that the one thing the common man has is common sense!

As a result of the power blindness, crisis communication of these venerable institutions sucks. This was obvious in the communications issued by Hitachi (the Card-phukkup-wala company), SANS (in their crappy apology for the map), Equifax, OPM (after being breached) and now DSCI.

Something which could have been handled gracefully is going bad. It has resulted in the summary eviction of a respected member of the community from a whatsapp group for no reason. Another member exited the group because certain comments and offline events hurt his sensibilities and self respect (rightly so). This is highly disturbing – why was the member removed without reason, and the other member DID NOT have to leave.

Endnote – A PoV on Awards

Finally I don’t understand why every other organization is giving awards. I have nothing against award ceremonies as it is a great commercial model and conference owners need to make money too. It works well for everyone but then saying this is better or best or most secure is plain bullshit – I mean how do u say I am a bigger expert or that my ISMS is more effective.

And you are saying that they are “Best / Top / Leader” or “God’s gift to mankind” based on the shameless self promoting information provided by these very same GGTM folks. Again as I ROTFL I am DLMFAO.

For example did the Airtel CISO etc have the guts to provide nomination information about their “innovative” practice to indulge in “non-consensual DBT takeover” or misuse of “aadhaar consent”

No harm making money but then be shameless about making money. Why try to paint a holy picture of neutrality and getting a big-4 name to make the process respectable. We all know how respectable these big ones are!

Why not “recognize” people who are doing good work. Who are innovating , who are fighting the system, who are being victimized by the system for their work.

Over the past so many years I have yet to see a “small” company being recognized for it’s work. Or an unknown someone who is not a big shot in a big shot company being called top security professional.

I have some views about the awards and conferences which I shall share sometime in future. I am not out to defame or insult anyone, and when you are “senior” members of the industry you have to set examples and not become examples. If you expect to be respected just because you are senior something, all I can say is LOL.

The information security domain is a small one and everyone knows everyone. And everyone knows who is deserving and who is not. Everyone also knows there are no holy cows or GGTM types and that there is a lot of hot air all over the place.

If we are to make India stand out and be noticed, it will not be by showing off a list of regulations and self proclaimed security “rakhwalas” (protectors) of the nation but by demonstrating the highest level of ethical and professional behavior in thought and action.

Disclaimer

I don’t claim to be the epitome of ethics nor am I an expert in award processes. My personal view of myself is that I am a common man who knows a little bit of security and keeps trying hard to learn more and make ends meet because people do not accept his honest opinion.

Cyber Security practitioner and evangelist working in cyber security in national and enterprise application. Contributor to national policy, awareness and development of capacity / capability. Keeps a critical eye on the past, present and future in the infosec domain, and firm believer in common sense. Uses practical thinking to demolish purveyors of cyber hype and snake-oil.